Package: ncurses / 6.1+20181013-2+deb10u2

CVE-2019-17594.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Author: Sven Joachim <svenjoac@gmx.de>
Description: Fix for CVE-2019-17594
 Check for invalid hashcode in _nc_find_type_entry and nc_find_entry,
 fix cherry-picked from upstream patchlevel 20191012.
Bug-Debian: https://bugs.debian.org/942401
Bug: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00017.html
Forwarded: not-needed
Last-Update: 2019-11-02

---
 ncurses/tinfo/comp_hash.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/ncurses/tinfo/comp_hash.c
+++ b/ncurses/tinfo/comp_hash.c
@@ -63,7 +63,9 @@ _nc_find_entry(const char *string,
 
     hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 
 	real_table = _nc_get_table(termcap);
 	ptr = real_table + data->table_data[hashvalue];
@@ -96,7 +98,9 @@ _nc_find_type_entry(const char *string,
     const HashData *data = _nc_get_hash_info(termcap);
     int hashvalue = data->hash_of(string);
 
-    if (data->table_data[hashvalue] >= 0) {
+    if (hashvalue >= 0
+	&& (unsigned) hashvalue < data->table_size
+	&& data->table_data[hashvalue] >= 0) {
 	const struct name_table_entry *const table = _nc_get_table(termcap);
 
 	ptr = table + data->table_data[hashvalue];